package/iptables/Makefile

   1 # $Id$
   2
   3 include $(TOPDIR)/rules.mk
   4
   5 PKG_NAME:=iptables
   6 PKG_VERSION:=1.3.5
   7 PKG_RELEASE:=1
   8 PKG_MD5SUM:=00fb916fa8040ca992a5ace56d905ea5
   9
  10 PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
  11         ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
  12         ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
  13         ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
  14 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
  15 PKG_CAT:=bzcat
  16
  17 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
  18 PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
  19
  20 PKG_MENU:=IPv4 / IPv6 firewall administration
  21
  22 include $(TOPDIR)/package/rules.mk
  23 ifeq ($(DUMP),)
  24 include $(LINUX_DIR)/.config
  25 include $(TOPDIR)/target/linux/netfilter.mk
  26 endif
  27
  28 define Package/iptables
  29 SECTION:=net
  30 CATEGORY:=Base system
  31 MENU:=1
  32 DEFAULT:=y
  33 TITLE:=IPv4 firewall administration tool
  34 URL:=http://netfilter.org/
  35 endef
  36
  37 define Package/iptables-mod-conntrack
  38 SECTION:=net
  39 CATEGORY:=Base system
  40 DEPENDS:=iptables
  41 TITLE:=iptables extensions for connection tracking
  42 DESCRIPTION:=Includes: \\\
  43         * libipt_conntrack \\\
  44         * libipt_helper \\\
  45         * libipt_connmark/CONNMARK
  46
  47 endef
  48
  49 define Package/iptables-mod-filter
  50 SECTION:=net
  51 CATEGORY:=Base system
  52 DEPENDS:=iptables
  53 TITLE:=iptables extensions for packet content inspection
  54 DESCRIPTION:=Includes: \\\
  55         * libipt_ipp2p \\\
  56         * libipt_layer7
  57
  58 endef
  59
  60 define Package/iptables-mod-imq
  61 SECTION:=net
  62 CATEGORY:=Base system
  63 DEPENDS:=iptables
  64 TITLE:=iptables extension for IMQ support
  65 DESCRIPTION:=Includes: \\\
  66         * libipt_IMQ
  67
  68 endef
  69
  70 define Package/iptables-mod-ipopt
  71 SECTION:=net
  72 CATEGORY:=Base system
  73 DEPENDS:=iptables
  74 TITLE:=iptables extensions for matching/changing IP packet options
  75 DESCRIPTION:=Includes: \\\
  76         * libipt_dscp/DSCP \\\
  77         * libipt_ecn/ECN \\\
  78         * libipt_length \\\
  79         * libipt_mac \\\
  80         * libipt_tos/TOS \\\
  81         * libipt_tcpmms \\\
  82         * libipt_ttl/TTL \\\
  83         * libipt_unclean
  84
  85 endef
  86
  87 define Package/iptables-mod-ipsec
  88 SECTION:=net
  89 CATEGORY:=Base system
  90 DEPENDS:=iptables
  91 TITLE:=iptables extensions for matching ipsec traffic
  92 DESCRIPTION:=Includes: \\\
  93         * libipt_ah \\\
  94         * libipt_esp
  95
  96 endef
  97
  98 define Package/iptables-mod-nat
  99 SECTION:=net
 100 CATEGORY:=Base system
 101 DEPENDS:=iptables
 102 TITLE:=iptables extensions for different NAT targets
 103 DESCRIPTION:=Includes: \\\
 104         * libipt_REDIRECT
 105 endef
 106
 107 define Package/iptables-mod-ulog
 108 SECTION:=net
 109 CATEGORY:=Base system
 110 DEPENDS:=iptables
 111 TITLE:=iptables extensions for user-space packet logging
 112 DESCRIPTION:=Includes: \\\
 113         * libipt_ULOG
 114 endef
 115
 116 define Package/iptables-mod-extra
 117 SECTION:=net
 118 CATEGORY:=Base system
 119 DEPENDS:=iptables
 120 TITLE:=other extra iptables extensions
 121 DESCRIPTION:=Includes: \\\
 122         * libipt_limit \\\
 123         * libipt_owner \\\
 124         * libipt_physdev \\\
 125         * libipt_pkttype \\\
 126         * libipt_recent
 127
 128 endef
 129
 130 define Package/iptables-utils
 131 SECTION:=net
 132 CATEGORY:=Base system
 133 DEPENDS:=iptables
 134 TITLE:=iptables save and restore utilities
 135 endef
 136
 137 define Package/ip6tables
 138 SECTION:=net
 139 CATEGORY:=Base system
 140 TITLE:=IPv6 firewall administration tool
 141 endef
 142
 143
 144 define Build/Configure
 145 endef
 146
 147 define Build/Compile
 148         chmod a+x $(PKG_BUILD_DIR)/extensions/.*-test*
 149         mkdir -p $(PKG_INSTALL_DIR)
 150         $(MAKE) -C $(PKG_BUILD_DIR) \
 151                 $(TARGET_CONFIGURE_OPTS) \
 152                 CC=$(TARGET_CC) COPT_FLAGS="$(TARGET_CFLAGS)" \
 153                 KERNEL_DIR=$(LINUX_DIR) PREFIX=/usr \
 154                 DESTDIR="$(PKG_INSTALL_DIR)" \
 155                 all install install-devel
 156 endef
 157
 158 define Package/iptables/install
 159         install -d -m0755 $(1)/etc/config
 160         install -m0644 ./files/firewall.config $(1)/etc/config/firewall
 161         install -d -m0755 $(1)/etc/init.d
 162         install -m0755 ./files/firewall.init $(1)/etc/init.d/S45firewall
 163         install -m0755 ./files/firewall.user $(1)/etc/
 164         install -d -m0755 $(1)/usr/lib
 165         install -m0644 ./files/firewall.awk $(1)/usr/lib
 166         install -d -m0755 $(1)/usr/sbin
 167         $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
 168         install -d -m0755 $(1)/usr/lib/iptables
 169         (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
 170                 $(CP) $(patsubst %,lib%.so,$(IPT_BUILTIN:xt_%=ipt_%)) $(1)/usr/lib/iptables/ \
 171         )
 172         $(RSTRIP) $(1)
 173 endef
 174
 175 define Package/iptables-utils/install
 176         install -d -m0755 $(1)/usr/sbin
 177         $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(1)/usr/sbin/
 178         $(RSTRIP) $(1)
 179 endef
 180
 181 define Package/ip6tables/install
 182         install -d -m0755 $(1)/usr/sbin
 183         $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
 184         install -d -m0755 $(1)/usr/lib/iptables
 185         (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
 186                 $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
 187         )
 188         $(RSTRIP) $(1)
 189 endef
 190
 191 define BuildPlugin
 192 define Package/$(1)/install
 193         install -m0755 -d $$(1)/usr/lib/iptables
 194         for m in $$(patsubst xt_%,ipt_%,$(2)); do \
 195                 $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
 196         done
 197         $(3)
 198         $(RSTRIP) $$(1)
 199 endef
 200
 201 $$(eval $$(call BuildPackage,$(1)))
 202 endef
 203
 204 L7_INSTALL:=mkdir -p $$(1)/etc/l7-protocols; \
 205         $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
 206
 207 $(eval $(call BuildPackage,iptables))
 208 $(eval $(call BuildPackage,iptables-utils))
 209 $(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
 210 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
 211 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
 212 $(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
 213 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
 214 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
 215 $(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
 216 $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
 217 $(eval $(call BuildPackage,ip6tables))
 218
 219
 220 $(STAGING_DIR)/usr/lib/libipq.a: $(PKG_BUILD_DIR)/.built
 221         mkdir -p $(STAGING_DIR)/usr/include
 222         $(CP) $(PKG_INSTALL_DIR)/usr/include/libipq.h $(STAGING_DIR)/usr/include/
 223         mkdir -p $(STAGING_DIR)/usr/lib
 224         $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.a $(STAGING_DIR)/usr/lib/
 225
 226 install-dev: $(STAGING_DIR)/usr/lib/libipq.a
 227 uninstall-dev:
 228         rm -rf $(STAGING_DIR)/usr/include/libipq.h
 229         rm -rf $(STAGING_DIR)/usr/lib/libipq.a
 230
 231 compile-targets: install-dev
 232 clean-targets: uninstall-dev
 233